Even better than strong passwords: encryption

Mary Ursula HerrmannMary Ursula Herrmann is a Network Security Analyst living in Juneau, AK. She has worked in Information Security for over 15 years, and obtained her CISSP in 2005.

In the recent scandal involving General David Petraeus and others, there's one little thing that would have helped everyone involved retain their secrets, aside from discretion. That one little thing is encryption.I've mentioned encryption before, but what might not have been obvious is that file encryption applications can also easily encrypt parts of files, your clipboard or your email. Both Outlook and Thunderbird, just to name two off the top of my head, support plugins to encrypt and decrypt email. If you use webmail, as Gen. Petraeus was doing in this instance, there are browser extensions that will do that (I use Mailvelope), or you can use a standalone app such as GPG4Win, which is a file/clipboard encryption program. Both can use PGP keys, and in fact, when I installed Mailvelope, I just imported my keyring in so that I didn't have to generate a new keypair or ask my friends for their keys again. An encrypted passage looks something like this (the original is simply The quick brown fox jumps over the lazy dog):-----BEGIN PGP MESSAGE-----Version: GnuPG v2.0.17 (MingW32)

3jf8yT1o0RjlN32+f2NnB8TjKu2QfpcxnQwKrPEzLNJlAfCRDr0ZJ8vzjPtctOLn9ooFTSUij8Y3Wycb0gOACzkWH4sriVaoQUjWt6W/ozP4jQcN12ePJaRiDN1sFgdorDPVSGciJdbnDmuHLKTWFsNxRdYmQcJl6xNogKm8UA6RZkIpmxU==blRM-----END PGP MESSAGE-----Using PGP or PGP-compatible software, your email cannot be read by anyone who does not possess the keys to decrypt it (assuming you are not using very low-bit keys). According to Symantec, which currently owns PGP, PGP has never actually been cracked. This does not mean that your email is secure, please note! If anyone can get at your keychain, they can decrypt your emails and other files. It is much easier to social engineer or steal your keyring than to attempt to break the encryption, and if you are interesting enough, someone may certainly try.Be that as it may, if Gen. Petraeus and Paula Broadwell had, instead of trying to hide their emails, used encryption and kept their keys on (say) an encrypted flash drive that they kept with them always, it's very unlikely that those emails would have been read. If you have something to say in email that you don't want anyone except for the intended recipient to read, generate a keypair, have them do the same, and encrypt your emails. It's quick, it's easy and it's secure.

Morning Roundup

Business headlines from Crain's Cleveland Business and other Ohio newspapers — delivered FREE to your inbox every morning. Sign up for the Morning Newsletter.